Legacy network security has become ineffective 
in a cloud- and mobile-first world 


Legacy hub-and-spoke architectures were effective
when users were located primarily at headquarters
or in a branch office, applications resided solely in
the corporate data center, and your attack surface
was limited to what your organization sanctioned.
Today, we live in a drastically different world, with
a threat landscape in which ransomware, encrypted
threats, supply chain attacks, and other advanced
threats break through legacy network defenses.
It’s time to find a cloud native security solution
that holistically reduces risk and complexity while
enabling flexibility to help drive business
initiatives forward.


Zscaler Internet Access 


Securing today’s cloud- and mobile-first enterprise 
requires a fundamentally different approach built 
on zero trust. Zscaler Internet Access, part of the 
Zscaler Zero Trust Exchange™, is the world’s most 
deployed security service edge (SSE) platform, built 
on a decade of secure web gateway leadership. 

Benefits:

• Prevent cyberthreats and data loss with AI: Protect
your organization against advanced threats with a
suite of AI-powered cyberthreat and data protection
services, enriched by real-time updates sourced
from 300 trillion daily threat signals from the world’s
largest security cloud.

• Get an unmatched user experience: Get the world’s
fastest internet and SaaS experience (up to 40%
faster than legacy security architectures) to boost
productivity and increase business agility.

• Modernize your security architecture: Realize 139%
ROI with Zscaler by replacing 90% of your costly,
complex, and slow appliances with a fully
cloud-native zero trust platform.


Delivered as a scalable SaaS platform from 
the world’s largest security cloud, it eliminates 
legacy network security solutions to stop 
advanced attacks and prevent data loss with a 
comprehensive zero trust approach, offering: 


Best-in-class, consistent security for today’s 
hybrid workforce: When you move security to 
the cloud, all users, apps, devices, and locations 
get always-on threat protection based on identity 
and context. Your security policy goes everywhere 
your users go. 


Lightning-fast access with zero infrastructure:
Direct-to-cloud architecture ensures a fast,
seamless user experience. This eliminates
backhauling, improves performance and
user experience, and simplifies network
administration, with no physical
infrastructure, ever.


AI-powered protection from the world’s largest
security cloud: Inline inspection of all internet
and SaaS traffic, including SSL decryption, with
a suite of AI-powered cloud security services to
stop ransomware, phishing, zero-day malware,
and advanced attacks based on threat intelligence
from 300 trillion daily signals.


Simplified management: Using a cloud native
security solution infused with AI, no hardware to
manage, streamlined workflows, and business-focused
policy creation frees up valuable time
for your team to focus on strategic goals.

Integrated, AI-powered security
and data protection services


Zscaler Internet Access includes a comprehensive
suite of AI-powered security and data protection
services to help you stop cyberattacks and data
loss. As a fully cloud-delivered SaaS solution, you
can add new capabilities without any additional
hardware or lengthy deployment cycles. The
modules available as part of Zscaler Internet
Access are:


• Cloud Secure Web Gateway (SWG): Deliver
a safe, fast web experience that eliminates
ransomware, malware, and other advanced
attacks with real-time, AI-powered analysis
and URL filtering from the only leader in the
2020 Gartner MQ for SWGs.


• Cloud Access Security Broker (CASB): Secure
cloud apps with integrated CASB to protect
data, stop threats, and ensure compliance
across your SaaS and IaaS environments.


• Cloud Data Loss Prevention (DLP): Protect
data in motion with full inline inspection and
advanced measures like exact data match
(EDM), optical character recognition (OCR),
and machine learning.


Zscaler named a Leader 
in the Gartner Magic 
Quadrant for SSE 




• Cloud Firewall & IPS: Extend industry-leading
protection to all ports and protocols, and
replace edge and branch firewalls with a cloud
native platform.


• Cloud Sandbox: Stop never-before-seen and
elusive malware across web and file transfer
protocols with AI-driven quarantine, sharing
consistent and global protection across all
users in real time.


• AI-Powered Cloud Browser Isolation: Make
web-based attacks obsolete and prevent data
loss by creating a virtual air gap between users,
the web, and SaaS.


• Digital Experience Monitoring: Reduce IT
operational overhead and speed up ticket
resolution with a unified view of application,
cloud path, and endpoint performance metrics
for analysis and troubleshooting.


Zscaler Internet Access for Users and Workloads 


Eliminate risk for cloud workloads accessing any internet or SaaS destination with Zscaler Internet Access. 
By removing the need for workloads to access the internet through legacy, network-centric tools such as 
VPNs, firewalls (including virtual firewalls), or VWWAN technologies, you can prevent compromise and stop 
lateral movement without requiring a patchwork of security tools. By applying ZIA’s comprehensive suite 
of security and data protection capabilities to workloads, you can unify zero trust security for your users 
and workloads with a single, integrated platform. 


By pairing ZIA with Zscaler Private Access, you can extend protection to your private apps and workloads, 
whether they reside in the public cloud or a private data center. 


Figure 1: The Zero Trust Exchange
[Diagram panels: ZIA for Users and Workloads (secure internet/SaaS access; "Block the bad, protect the good"): Cyberthreat Protection (AI-driven inline content inspection, SSL/TLS), Data Protection (inline DLP and CASB, API CASB), Local Internet Breakouts (Microsoft 365, SD-WAN). ZPA for Users and Workloads (secure private app access; "Connect to apps, not the network"): Remote App Access Without VPN (workforce, third parties, B2B customers), Direct App Access (No Backhaul) (hybrid and multicloud environments), Workload-to-Workload Communication (zero trust access across apps/workloads). Zscaler Digital Experience (ZDX): ensure a great user experience. Any user, any device, any app, any location.]

Use cases


Cyberthreat and ransomware protection

Move from legacy network security to
Zscaler’s revolutionary zero trust architecture
that prevents compromise, eliminates the
attack surface, stops lateral movement,
and keeps data safe.


Secure hybrid workforce

Empower employees, partners, customers,
and suppliers to securely access web
applications and cloud services from
anywhere, on any device, and ensure
a great digital experience.


Infrastructure modernization

Eliminate costly, complex networks
with fast, secure, direct-to-cloud
access that removes the need for
edge and branch firewalls.


Data protection

Stop data loss from users, SaaS apps,
and public cloud infrastructure from
accidental exposure, data theft, or
double-extortion ransomware.


The Zscaler Zero Trust Exchange Ecosystem 

Figure 2: Zscaler Internet Access partner ecosystem


TABLE 1: ZSCALER INTERNET ACCESS FEATURES AND CAPABILITIES

FEATURE / DETAILS


Capabilities

URL filtering: Allow, block, caution, or isolate user access to specified web categories or destinations to stop web-based threats and ensure compliance with organizational policies.

SSL inspection: Get unlimited TLS/SSL traffic inspection to identify threats and data loss hiding in encrypted traffic. Specify which web categories or apps to inspect based on privacy or regulatory requirements.

DNS security: Identify and route suspicious command-and-control connections to Zscaler threat detection engines for full content inspection.

File control: Block or allow file download/upload to applications based on app, user, or user group.

Bandwidth control: Enforce bandwidth policies and prioritize business-critical applications over recreational traffic.

Advanced threat protection: Stop advanced cyberattacks like malware, ransomware, supply chain attacks, phishing, and more with proprietary advanced threat protection. Set granular policies based on your organization’s risk tolerance.

Inline data protection (data in motion): Use forward proxy and SSL inspection capabilities to control the flow of sensitive information to risky web destinations and cloud apps in real time, stopping internal and external threats to data. Advanced inline protection is provided whether an app is sanctioned or unmanaged without requiring network device logs.

Out-of-band data protection (data at rest): Use API integrations to scan SaaS apps, cloud platforms, and their contents to identify sensitive data at rest and remediate automatically by revoking risky or external shares, for example.

Intrusion prevention: Get complete threat protection from botnets, advanced threats, and zero-days, along with contextual information about the user, app, and threat. Cloud IPS works seamlessly across Cloud Firewall, Cloud Sandbox, Cloud DLP, and CASB.

Dynamic, risk-based access and security policy: Automatically adapt security and access policy to user, device, application, and content risk.

Malware analysis: Detect, prevent, and quarantine unknown threats hiding in malicious payloads inline with advanced AI/ML to stop patient-zero attacks.

DNS filtering: Control and block DNS requests against known and malicious destinations.

Web isolation: Make web-based threats obsolete by delivering active content as a benign stream of pixels to the end user’s browser.

Correlated threat insights: Speed investigation and response times with contextualized and correlated alerts with insights into threat score, affected asset, severity, and more.

Application isolation: Allow safe, agentless unmanaged device access to SaaS, cloud, and private apps with granular control over user actions like copy/paste, upload/download, and print to stop sensitive data loss.

Digital experience monitoring: Get a unified view of application, cloud path, and endpoint performance metrics for analysis and troubleshooting.

Workload-to-internet communication protection: Prevent compromise and stop lateral movement for workload-to-internet communications. Includes SSL inspection, IPS, URL filtering, and data protection for all communication.


Platform features

Flexible connectivity options:

• Zscaler Client Connector (ZCC): Forward traffic to the Zero Trust Exchange via a lightweight agent that supports Windows, macOS, iOS, iPadOS, Android, and Linux.

• GRE or IPsec tunnels: Use GRE and/or IPsec tunnels to send traffic to the Zero Trust Exchange for devices without ZCC.

• Browser isolation: Seamlessly connect any BYOD or unmanaged devices with integrated Cloud Browser Isolation.

• Proxy chaining: Zscaler supports forwarding traffic from one proxy server to another, but this is not recommended in production environments.

• PAC files: Send traffic to the Zero Trust Exchange with PAC files for devices without ZCC.

Cloud-delivered deployment: 100% cloud-native platform delivered as a SaaS service. For unique use cases, private and virtual service edges are available.

Data privacy and retention: When logging data, content is never written to the disk and there are granular controls to determine where exactly logging takes place. Use role-based access control (RBAC) to provide read-only access, username anonymization/obfuscation, and separate access rights by department or function, in accordance with key compliance regulations.

Data is retained for a rolling period of six months or less, depending on the product. You can purchase additional storage that retains data for as long as desired.

Key compliance certifications: Certifications include:

• FedRAMP
• ISO 27001
• SOC 2 Type II
• SOC 3
• NIST 800-63C

See the full list of our compliance certifications here.

Granular API support: We maintain REST API integrations with numerous identity, networking, and security vendors. For example, you can share logs between Zscaler and your cloud-based or on-prem SIEM (e.g., Splunk).

Direct peering: Direct peering with major internet and SaaS providers and public cloud destinations ensures the fastest traffic path possible.


Service level agreements (SLAs)

Availability: 99.999%, measured by transactions lost

Proxy latency: < 100 ms, including when threat and DLP scanning is on

Virus capture: 100% of known viruses and malware


Client Connector

Supported platforms & systems: Support for:

• iOS 9 or later
• Android 5 or later
• Windows 7 and later
• Mac OS X 10.10 and later
• CentOS 8
• Ubuntu 20.04


ZIA editions


ZIA EDITIONS OVERVIEW | BUSINESS | TRANSFORMATION | UNLIMITED
Secure web gateway | ✓ | ✓ | ✓
Full TLS/SSL inspection | ✓ | ✓ | ✓
URL filtering | ✓ | ✓ | ✓
Cloud application visibility and control | ✓ | ✓ | ✓
Inline malware prevention | ✓ | ✓ | ✓
AI-powered phishing and C2 detection | ✓ | ✓ | ✓
[…] essentials (DLP, visibility, and alerting) | ✓ | ✓ | ✓
Standard digital experience monitoring | ✓ | ✓ | ✓
Cloud-gen firewall and IPS | Add-on | ✓ | ✓
Cloud-gen sandbox with AI-powered quarantine | Add-on | ✓ | ✓
Attacker deception | Add-on | ✓ | ✓
Dynamic, risk-based policy | - | ✓ | ✓
Contextual alerts | - | ✓ | ✓
AI-powered Cloud Browser Isolation | Add-on | ✓ | ✓
[feature name illegible] | Add-on | Add-on | ✓
IoT, server, and guest Wi-Fi protection | Add-on | Add-on | ✓


Licensing model 
All Zscaler Internet Access editions are priced per user. For certain products inside of your edition, pricing 
may vary outside of user count. For more information on pricing, talk to your Zscaler account team. 


Part of the holistic Zero Trust Exchange 


The Zero Trust Exchange enables fast, secure connections and allows your employees to work from
anywhere using the internet as the corporate network. Based on the zero trust principle of least-privileged
access, it provides comprehensive security using context-based identity and policy enforcement.

